[Beta] Asuswrt-Merlin 380.67 Beta is now available

[RMerlin]

Asuswrt-Merlin 380.67 Beta 2 is now available for all supported model. This update merges with newer Asus GPL, improves SSL certificate support for the webui, and updates various components.

Changes in Beta 4:

7df69e9 openvpn: changed two logger calls to avoid spaces in program id (ref. issue #1413)
4439b10 ez-ipupdate: make syslog entries RFC-compliant, by removing space from tag (ref. issue #1413)
1dac206 shared: make logmessage() ensure that provided tag don't break RFC3164 by using spaces (ref. issue #1413)
d864e5b rc: reverting logmessage change in Asus's own cases, as we're going to tackle the issue differently, and I don't want unnecessary changes that would increase the risk of merge issues with new GPL
e4692b2 Updated documentation
4620b18 shared: fix replace_char() parameter types
4c85fba rc: minor optimization to ntp - use nvram_get_int() instead of nvram_match()
a08b0a9 webui: properly escape OpenVPN user/passwords that contain &xx strings (close #1398)
f374d01 ssh: revert idle timeout support, as it doesn't work properly anyway
7db034b shared: add missing ";" from previous commit
4a2786c webui: Fix custom Adaptive QoS priority saving under IE 11
d625d15 rc, shared: provide RFC3164 compliant TAG field for hour_monitor and custom_script logmessage() calls (closes #1413)
9f9fd49 webui: add missing help hint for VirtualServer's source IP field (bug from Asus; closes #1409)
f87f4e0 kernel: ctf: temporary fix icmpv6 errors forwarding in reply
4df9152 firewall: fix rule generation for trigger port ranges
e6136ae shared: add replace_char function to strings.c
302d9ce iptables: fix iptables-save for trigger rules
f20cf3c qos: modified tc patch to avoid any potential endless loop between faketc and realtc
c4e8b37 Bumped revision to beta 4

Changes in Beta 3:

04eec3c Bumped revision to beta 3
2e39e39 ctf: revert BCM6.37's ctf to pre-7743 version, as an attempt to fix broken PPPoE acceleration
23f8e63 Merge with GPL 7743 binary blobs for RT-AC87U; updated kludges
d992e24 qos: implement overhead support for AdaptiveQoS; re-design overhead configuration on the webui; add non-atm based overhead support
927d443 rc: duplicate ssl_enable keyword when enabling FTP TLS
51256fc Add space before WAN IP
b99dc76 qos: implement wedge to iproute2 to insert (fq_)codel support in Adaptive QoS

Changes in Beta 2:

03e93bc sshd: disable the new 20 mins timeout by default as dropbear's keep-alive support seems broken
3b3bf31 nano: Updated to 2.8.5 (closes #1393)
2b1d74d Updated documentation
642258a webui: restart httpd if the persistent https certificate setting was changed
80316dc vsftpd: implement TLS support
db0eebd openssl: make gencert.sh handle either httpd or ftp certs
2132943 httpd: moved stored SSL certs to /jffs/ssl/, as we have other certs to store
72cdf4d openvpn: better handle misconfigurations where we're missing a route_vpn_gateway
514d1b7 openvpn: put redirect-gateway def1 into the custom area if found in an imported ovpn
1ed8353 Updated documentation
b3fa0bd kernel-mips, kernel-sdk7.x: merge GPL 7743 changes to ppp
8c34035 Merge with GPL 7743 binary blobs for RT-AC66U and RT-AC3200 (minus missing wifi driver); updated kludges
60db666 webui: update SSL persistent certificate location in the tooltip
8216384 Merge pull request #1382 from rmk40/master
fd2de3b upnp: external and internal port arguments are swapped in miniupnpd's config file
23ba41b Bumped revision to beta 2
ddc7959 wpa_supplicant: Support for PEAP/MSCHAPv2 via 802.1x

The highlights:

• Merged with GPL 380_7743. Note that Asus hasn't released GPL drops for all models, so the following models will use a mixture of 7743 and 7378: N66U
• Webui SSL certificates can now be saved to the /jffs/ssl/ folder, and made persistent across reboots. New settings can be found under Administration -> System on the webui.
• Updated numerous components to their latest versions: minidlna, nano, openssl, ipset (ARM). (for those who missed it, OpenVPN was already updated to 2.4.3 in the 380.66_6 security update).
• Vsftpd was upgraded from 2.0.4 to 3.0.3. You might need to adjust any custom configuration you might have done in the past.
• Added TLS support in VSFTPD, which can be enabled on the FTP configuration page. Certificates are also persistent, located under /jffs/ssl/ as ftp.cert and ftp.key.
• As SMB1 is getting deprecated by Microsoft, the switch to enable SMB2 support has been moved to the Samba settings page rather than kept as a tweak.
• Optimized webui images to reduce their size
• Tor runs as a limited user now instead of root, for enhanced security.
• The option to enable/disable bridge multicast snooping was removed, as Asus has now permanently disabled it at the kernel level.
• A few other minor enhancements - see the Changelog for details

Things in need of specific testing:

• The new webui SSL certificate enhancements. Try providing your own certificates under /jffs/https/. To have httpd start using them (after enabling it under Administration -> System), you must restart httpd: "service restart_httpd".
• Vsftpd: make sure it still works properly after the upgrade to the newer 3.x branch
• Tor: make sure it still works properly
• ipset on ARM models: make sure the update to 6.32 didn't break anything
• openvpn: make sure nothing was broken by the recent update to 2.4.3 in 380.66_6.

Downloads are here.
Changelog is here.

Please keep discussion in this thread on these specific beta releases. Off-topic posts will be moved or deleted.

 

[RMerlin]

Known issues:

• Missing Adaptive QoS options when you enable it. (fixed with beta3b)

 

[natzakaria]

Flashed it - running perfect

 

[Adamm]

IPSet v6.32 seems to be working as expected for the most part, but two things I noticed;

1) The comment extension is still broken. I'm not sure if its IPSet in general as I don't have another linux machine to test. For example, the following should create a set with the extension enabled.

ipset create test hash:net comment

2) All mac related sets seem to be broken. Any of the following commands just end up frozen and the process cant be killed (and locks up the CPU at %100);

ipset create test hash:ip,mac
ipset create test hash:mac

 

[SevenFactors]

So the current default samba version in use is by asus has been smb 1.0? I thought the reason you had to allow ver 2 was bcuz they were issues with said version.

 

[mikelees2]

Flashed 380.67_beta1 and all seems to be good so far.
Thanks for the great work @RMerlin.

 

[RMerlin]

So the current default samba version in use is by asus has been smb 1.0? I thought the reason you had to allow ver 2 was bcuz they were issues with said version.

Stock firmware does not support SMB2 at all.

I kept it disabled by default after adding support for it because of the performance impact it has on these weak CPUs.

Sent from my P027 using Tapatalk

 

[JGrana]

Stock firmware does not support SMB2 at all.

I kept it disabled by default after adding support for it because of the performance impact it has on these weak CPUs.

Sent from my P027 using Tapatalk

So you still recommend SMB1? At least until ASUS gets SMB2 optimized a bit?

 

[ziolupo]

Merlin, the patch proposed by John for NFS was inserted in this beta?
Thank you.

Zio Lupo

 

[quant88]

There are phones at home that come with mu-mimo feature.. so I'm trying out with multi user mimo enabled and airtime fairness disabled. So far so good - running well with ac88u as router and ac68u and rt66u in repeater mode.

 

[elorimer]

Merlin, the patch proposed by John for NFS was inserted in this beta?
Thank you.

Zio Lupo

So sayeth the changelog.

 

[Naftali Oziel]

Merlin, the patch proposed by John for NFS was inserted in this beta?
Thank you.

Zio Lupo

Appears to be based on his change log

FIXED: NFS sometimes failing to start properly (patch by john9527)

 

[yk101]

As SMB1 is getting deprecated by Microsoft, the switch to enable SMB2 support has been moved to the Samba settings page rather than kept as a tweak.

Am I missing something, or completely blind? I can't find the Samba setting page on AC88U. Can you please tell me where is this setting?

On the bright side, AC88U and AC66U upgraded without major hustle. For some reason one of my mac computers fails to connect to 2.4GHz band on AC88. 5GHz band seem to be fine.

 

[Laszlo Ladanyi]

AC87U: slow pppoe wan performance (320/200Mbit) with this beta.
Flashed back latest stable and measured 950 Mbit download/200Mbit upload which is fine.
I did this flash cycle again with same results.
Ps: all were dirty flash without factory reset.

 

[RMerlin]

So you still recommend SMB1? At least until ASUS gets SMB2 optimized a bit?

Up to you, depends on if you're after security or performance.

Asus cannot do much to optimize SMB2 support, the router's CPU is simply too weak for it. I'm already building Samba with more optimizations than Asus' stock firmware.

 

[RMerlin]

Am I missing something, or completely blind? I can't find the Samba setting page on AC88U. Can you please tell me where is this setting?

USB Applications -> Media Services and Servers -> Network Place (Samba) Share.

 

[RMerlin]

Why is there two persons who "liked" the placeholder post?

 

[yk101]

USB Applications -> Media Services and Servers -> Network Place (Samba) Share.

Thanks!

 

[pietjepuk100]

Why is there two persons who "liked" the placeholder post?

Three

 

[RMerlin]

2) All mac related sets seem to be broken. Any of the following commands just end up frozen and the process cant be killed (and locks up the CPU at %100);

Try loading the required modules with modprobe first. I remember a similar issue used to exist in early days, until I added a modules.dep config file. If manually loading the modules work, then it means the issue is probably with the modules dep file.